package com.beck.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class MySecurityConfig2 extends WebSecurityConfigurerAdapter {

    public MySecurityConfig2() {
        System.out.println("=============================");
    }

    @Autowired
    public MyAuthenticationSuccessHandler successHandler;
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 这个也不能省,否则没有自生成的user密码，配置文件中配置的用户名与密码也无效
        super.configure(auth);
        System.out.println("1111111111111111111111111111111");

    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        System.out.println("2222222222222222222222222222222222");
        // super.configure(http);
        http.authorizeRequests().antMatchers("/*.html","/login").permitAll();
        http.formLogin().loginPage("/login").failureForwardUrl("/myerror")
                .successHandler(successHandler);

        http.authorizeRequests().anyRequest().authenticated();
        // 这个不能省
        http.csrf().disable();
//                and().formLogin().loginPage("/login").
//                and().authorizeRequests().anyRequest().authenticated().
//                and().csrf().disable();


          }
}
